Apple issues Mac OS X security patch

Apple Computer on Friday issued an update to Mac OS X to address flaws that security firms said could allow malicious code to be run on a Macintosh.

The update fixes a pair of flaws that could be used to create a virus that spreads through a Web link sent via e-mail messages. An attacker also would have to create a Web site with special programming to exploit the vulnerability.

		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

The issue was made public this week, although the person who discovered the problem claims to have notified Apple in February.

Security information service Secunia on Tuesday rated the issue "extremely critical," because online discussions have pointed out many different ways to exploit the flaws.

Apple took the unusual step of issuing a press release to tout its security update, but a representative refused to answer all questions regarding the issue, including why it has taken since February to get a patch for the software.

"Apple takes security very seriously and works quickly to address potential threats as we learn of them--in this case, before there was any actual risk to our customers," Philip Schiller, Apple's senior vice president of worldwide marketing, said in the press release.

The Mac has generally had a reputation for having fewer security issues--and less serious ones than Windows-based machines. However, Apple has recently been criticized for not adequately disclosing the nature of flaws in OS X and for its lack of response to security industry concerns.

Apple encouraged all Mac owners to install all Mac OS X updates on their machines to best protect their systems.

MacOS X flaws

Why is a flawn informed to Apple on February and the security
patch posted May 22nd by Apple? We pay premium price every
year for a new OS cat release but Apple takes 3 months to
release a security patch?

[MacSmiley]

Does M$ do any better?

I would have liked this patch to have been issued before the
publicity about it. However, when compared to the 6 months it
can typically take Micro$oft to issue patches, which may or may
not work, which may include a change in end user terms, etc.,
Apple has a good security track record. And a security patch is
just that, no hidden agendas.

If I'm not mistaken, a vulnerability the Windows Help system
enabling remote hijacking was made public in December 2003.
Then another Help system vulnerability was publicized in April.
A patch finally was issued 10 days ago.

As soon as the vulnerabiity hit the main Mac forums, it didn't
take long for Mac enthusiasts to start posting that the "fix" that
was suggested by Secunia didn't work. Industrious Mac users
quickly came up with their own work-arounds which did disable
the Help Viewer immediately.

That kind of co-operative efforts are typical in the Mac
community. I'm glad Apple issued the patch to fix the problem
altogether just a few days later.

Not bad, as far as I'm concerned.

Improve Story

It would have been helpful if you had included a link to the patch.